FAQ

What is insecure cryptographic storage and how does it work?

Insecure Cryptographic Storage is possible because encrypting data in transit does not mean the web server encrypts it once it has been received. For example, many websites use SSL (Secure Sockets Layer) to protect sensitive information such as login credentials and credit card numbers while it travels between browser and server; that by itself does nothing to protect the same data after it is stored.

Is your cryptography insecure in your mobile app?

Insecure use of cryptography is common in mobile apps that rely on encryption. Broken cryptography shows up in mobile apps in two fundamental ways. First, the app may rely on an encryption/decryption process that is fundamentally flawed and can be exploited by an adversary to decrypt sensitive data.

What is insecure cryptographic storage in OWASP?

No one can be 100% sure that a system will never be breached, so storing sensitive information in a database in encrypted form can protect the data even if someone gains unauthorized access. This brings us to another major OWASP vulnerability, one that exists because cryptography is used improperly or not used at all: Insecure Cryptographic Storage.

Why are cryptographic storage vulnerabilities so important?

Applications that process sensitive information are responsible for protecting it. One of the OWASP Top 10 vulnerabilities is the category entitled “Insecure Cryptographic Storage”, which refers to an application's failure to protect data in storage (i.e. “at rest”). In this article we explore this problem.
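As an added illustration of the category for the login-credential case mentioned above (example code written for this page, not taken from OWASP or the original article), here is a credential store in the weak form the category warns about beside a hardened form built only from the Python standard library. The iteration count and record layout are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Weak storage: a fast, unsalted hash. Every user with the same password gets
# the same digest, so one cracked record reveals all of them, and precomputed
# tables of common passwords map straight back to the plaintext.
def store_password_weak(password: str) -> str:
    return hashlib.md5(password.encode("utf-8")).hexdigest()

# Hardened storage: per-record random salt plus a slow, iterated KDF.
# Assumption: 600k iterations of PBKDF2-HMAC-SHA256; tune to your hardware.
PBKDF2_ITERATIONS = 600_000
RECORD_ALGO = "pbkdf2_sha256"

def store_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algo$iterations$salt_hex$digest_hex."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"{RECORD_ALGO}${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute the KDF with the stored salt/iterations; constant-time compare."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
        if algo != RECORD_ALGO:
            return False  # unknown or downgraded record format is rejected
        candidate = hashlib.pbkdf2_hmac(
            "sha256",
            password.encode("utf-8"),
            bytes.fromhex(salt_hex),
            int(iterations),
        )
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    except ValueError:
        return False  # malformed record: wrong field count or bad hex

if __name__ == "__main__":
    # Constructed sample: two accounts that happen to share a password.
    weak_a, weak_b = store_password_weak("Winter2024"), store_password_weak("Winter2024")
    print("weak digests identical:", weak_a == weak_b)        # True: linkable, table-lookup friendly
    rec_a, rec_b = store_password("Winter2024"), store_password("Winter2024")
    print("hardened records identical:", rec_a == rec_b)     # False: distinct salts
    print("verify correct password:", verify_password("Winter2024", rec_a))
    print("verify wrong password:", verify_password("winter2024", rec_a))
```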